summaryrefslogtreecommitdiffstats
path: root/meta-agl-bsp/meta-ti
diff options
context:
space:
mode:
authorKarthik Ramanan <a0393906@ti.com>2017-03-29 13:47:33 +0530
committerJan-Simon Moeller <jsmoeller@linuxfoundation.org>2017-03-30 07:29:07 +0000
commit720729e762d6b19f29286b3e534c550adf1405f4 (patch)
tree338edf1f96eef95d3a5448f21a6fc8f16f2dda05 /meta-agl-bsp/meta-ti
parentdb96e667dfc57e2cd7bc003a8e97e6a079d58eec (diff)
dra7xx: linux: Update smack patches for Kernel 4.9
Change-Id: Ie6e56fbbf877be62d69daa0d06141009cb99422a Signed-off-by: Karthik Ramanan <a0393906@ti.com>
Diffstat (limited to 'meta-agl-bsp/meta-ti')
-rw-r--r--meta-agl-bsp/meta-ti/recipes-kernel/linux/files/0001-Smack-File-receive-for-sockets.patch65
-rw-r--r--meta-agl-bsp/meta-ti/recipes-kernel/linux/files/0002-smack-fix-cache-of-access-labels.patch43
-rw-r--r--meta-agl-bsp/meta-ti/recipes-kernel/linux/files/0003-Smack-ignore-null-signal-in-smack_task_kill.patch39
-rw-r--r--meta-agl-bsp/meta-ti/recipes-kernel/linux/linux-ti-staging_%.bbappend3
4 files changed, 0 insertions, 150 deletions
diff --git a/meta-agl-bsp/meta-ti/recipes-kernel/linux/files/0001-Smack-File-receive-for-sockets.patch b/meta-agl-bsp/meta-ti/recipes-kernel/linux/files/0001-Smack-File-receive-for-sockets.patch
deleted file mode 100644
index 4021e5d38..000000000
--- a/meta-agl-bsp/meta-ti/recipes-kernel/linux/files/0001-Smack-File-receive-for-sockets.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From 2b206c36b16e72cfe41cd22448d8527359ffd962 Mon Sep 17 00:00:00 2001
-From: Casey Schaufler <casey@schaufler-ca.com>
-Date: Mon, 7 Dec 2015 14:34:32 -0800
-Subject: [PATCH 1/4] Smack: File receive for sockets
-
-The existing file receive hook checks for access on
-the file inode even for UDS. This is not right, as
-the inode is not used by Smack to make access checks
-for sockets. This change checks for an appropriate
-access relationship between the receiving (current)
-process and the socket. If the process can't write
-to the socket's send label or the socket's receive
-label can't write to the process fail.
-
-This will allow the legitimate cases, where the
-socket sender and socket receiver can freely communicate.
-Only strangly set socket labels should cause a problem.
-
-Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
----
- security/smack/smack_lsm.c | 22 ++++++++++++++++++++++
- 1 file changed, 22 insertions(+)
-
-diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
-index ff81026..b20ef06 100644
---- a/security/smack/smack_lsm.c
-+++ b/security/smack/smack_lsm.c
-@@ -1860,12 +1860,34 @@ static int smack_file_receive(struct file *file)
- int may = 0;
- struct smk_audit_info ad;
- struct inode *inode = file_inode(file);
-+ struct socket *sock;
-+ struct task_smack *tsp;
-+ struct socket_smack *ssp;
-
- if (unlikely(IS_PRIVATE(inode)))
- return 0;
-
- smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
- smk_ad_setfield_u_fs_path(&ad, file->f_path);
-+
-+ if (S_ISSOCK(inode->i_mode)) {
-+ sock = SOCKET_I(inode);
-+ ssp = sock->sk->sk_security;
-+ tsp = current_security();
-+ /*
-+ * If the receiving process can't write to the
-+ * passed socket or if the passed socket can't
-+ * write to the receiving process don't accept
-+ * the passed socket.
-+ */
-+ rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad);
-+ rc = smk_bu_file(file, may, rc);
-+ if (rc < 0)
-+ return rc;
-+ rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad);
-+ rc = smk_bu_file(file, may, rc);
-+ return rc;
-+ }
- /*
- * This code relies on bitmasks.
- */
---
-2.7.4
-
diff --git a/meta-agl-bsp/meta-ti/recipes-kernel/linux/files/0002-smack-fix-cache-of-access-labels.patch b/meta-agl-bsp/meta-ti/recipes-kernel/linux/files/0002-smack-fix-cache-of-access-labels.patch
deleted file mode 100644
index c516f3aa5..000000000
--- a/meta-agl-bsp/meta-ti/recipes-kernel/linux/files/0002-smack-fix-cache-of-access-labels.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 99267706991ab84bd44ceaea9a7ec886bbdd58e0 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jobol@nonadev.net>
-Date: Tue, 12 Jan 2016 21:23:40 +0100
-Subject: [PATCH 2/4] smack: fix cache of access labels
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Before this commit, removing the access property of
-a file, aka, the extended attribute security.SMACK64
-was not effictive until the cache had been cleaned.
-
-This patch fixes that problem.
-
-Signed-off-by: José Bollo <jobol@nonadev.net>
-Acked-by: Casey Schaufler <casey@schaufler-ca.com>
----
- security/smack/smack_lsm.c | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
-index b20ef06..b2bcb14 100644
---- a/security/smack/smack_lsm.c
-+++ b/security/smack/smack_lsm.c
-@@ -1444,9 +1444,13 @@ static int smack_inode_removexattr(struct dentry *dentry, const char *name)
- * Don't do anything special for these.
- * XATTR_NAME_SMACKIPIN
- * XATTR_NAME_SMACKIPOUT
-- * XATTR_NAME_SMACKEXEC
- */
-- if (strcmp(name, XATTR_NAME_SMACK) == 0)
-+ if (strcmp(name, XATTR_NAME_SMACK) == 0) {
-+ struct super_block *sbp = d_backing_inode(dentry)->i_sb;
-+ struct superblock_smack *sbsp = sbp->s_security;
-+
-+ isp->smk_inode = sbsp->smk_default;
-+ } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0)
- isp->smk_task = NULL;
- else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0)
- isp->smk_mmap = NULL;
---
-2.7.4
-
diff --git a/meta-agl-bsp/meta-ti/recipes-kernel/linux/files/0003-Smack-ignore-null-signal-in-smack_task_kill.patch b/meta-agl-bsp/meta-ti/recipes-kernel/linux/files/0003-Smack-ignore-null-signal-in-smack_task_kill.patch
deleted file mode 100644
index c9180bb9f..000000000
--- a/meta-agl-bsp/meta-ti/recipes-kernel/linux/files/0003-Smack-ignore-null-signal-in-smack_task_kill.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From ec4eb03af07b0fbc330aecca6ac4ebd6accd8825 Mon Sep 17 00:00:00 2001
-From: Rafal Krypa <r.krypa@samsung.com>
-Date: Mon, 4 Apr 2016 11:14:53 +0200
-Subject: [PATCH 3/4] Smack: ignore null signal in smack_task_kill
-
-Kill with signal number 0 is commonly used for checking PID existence.
-Smack treated such cases like any other kills, although no signal is
-actually delivered when sig == 0.
-
-Checking permissions when sig == 0 didn't prevent an unprivileged caller
-from learning whether PID exists or not. When it existed, kernel returned
-EPERM, when it didn't - ESRCH. The only effect of policy check in such
-case is noise in audit logs.
-
-This change lets Smack silently ignore kill() invocations with sig == 0.
-
-Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
-Acked-by: Casey Schaufler <casey@schaufler-ca.com>
----
- security/smack/smack_lsm.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
-index b2bcb14..cf8a93f 100644
---- a/security/smack/smack_lsm.c
-+++ b/security/smack/smack_lsm.c
-@@ -2239,6 +2239,9 @@ static int smack_task_kill(struct task_struct *p, struct siginfo *info,
- struct smack_known *tkp = smk_of_task_struct(p);
- int rc;
-
-+ if (!sig)
-+ return 0; /* null signal; existence test */
-+
- smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
- smk_ad_setfield_u_tsk(&ad, p);
- /*
---
-2.7.4
-
diff --git a/meta-agl-bsp/meta-ti/recipes-kernel/linux/linux-ti-staging_%.bbappend b/meta-agl-bsp/meta-ti/recipes-kernel/linux/linux-ti-staging_%.bbappend
index c5fca454f..0c9374050 100644
--- a/meta-agl-bsp/meta-ti/recipes-kernel/linux/linux-ti-staging_%.bbappend
+++ b/meta-agl-bsp/meta-ti/recipes-kernel/linux/linux-ti-staging_%.bbappend
@@ -19,9 +19,6 @@ KERNEL_CONFIG_FRAGMENTS_append = " ${WORKDIR}/btusb.cfg"
# smack patches for handling bluetooth
SRC_URI_append_smack = "\
- file://0001-Smack-File-receive-for-sockets.patch \
- file://0002-smack-fix-cache-of-access-labels.patch \
- file://0003-Smack-ignore-null-signal-in-smack_task_kill.patch \
file://0004-Smack-Assign-smack_known_web-label-for-kernel-thread.patch \
"